Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Paul de Weerd
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
| Hi,
|
| I've got to port some shell scripts which rely on env vars. One
| amongst those is $SSH_CLIENT.
|
| On OpenBSD 5.1 machines, I don't get what I'd assume to get:
|
| # echo $SSH_CLIENT
|
| It returns just a blank line.

This Works For Me (tm) on a snapshot I installed yesterday.  I ssh
into my machine and SSH_CLIENT contains the expected value.

| I re-tested this on an older development machine, running OpenBSD 4.6:
|
| # echo $SSH_CLIENT
| 123.45.67.89 34402 22
|
| Is that an intended change in behavior (security related)? I didn't
| find a changelog entry, neither documentation.

Can you confirm your shell initialization isn't clearing this
environment variable ?

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Otto Moerbeek
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:

 Hi,
 
 I've got to port some shell scripts which rely on env vars. One
 amongst those is $SSH_CLIENT.
 
 On OpenBSD 5.1 machines, I don't get what I'd assume to get:
 
 # echo $SSH_CLIENT
 
 It returns just a blank line.
 
 I re-tested this on an older development machine, running OpenBSD 4.6:
 
 # echo $SSH_CLIENT
 123.45.67.89 34402 22
 
 Is that an intended change in behavior (security related)? I didn't
 find a changelog entry, neither documentation.
 
 Thanks,
 
 Bernd

SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
https://bugzilla.mindrot.org/show_bug.cgi?id=384

CVSROOT:/cvs
Module name:src
Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36

Modified files:
usr.bin/ssh: session.c ssh.1

Log message:
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@

-Otto



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Maurice Janssen
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
Hi,

I've got to port some shell scripts which rely on env vars. One
amongst those is $SSH_CLIENT.

On OpenBSD 5.1 machines, I don't get what I'd assume to get:

# echo $SSH_CLIENT

It returns just a blank line.

I re-tested this on an older development machine, running OpenBSD 4.6:

# echo $SSH_CLIENT
123.45.67.89 34402 22

I do get an answer like the above on a 5.1 machine.
So perhaps something in your local environment that clear it?

-- 
Maurice



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Bernd

Am 2012-10-11 10:50, schrieb Paul de Weerd:

On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
| Hi,
|
| I've got to port some shell scripts which rely on env vars. One
| amongst those is $SSH_CLIENT.
|
| On OpenBSD 5.1 machines, I don't get what I'd assume to get:
|
| # echo $SSH_CLIENT
|
| It returns just a blank line.

This Works For Me (tm) on a snapshot I installed yesterday.  I ssh
into my machine and SSH_CLIENT contains the expected value.


Weird. I tested on four amd64 5.1 machines, totally default setups, all 
the same phenomenon.


| I re-tested this on an older development machine, running OpenBSD 
4.6:

|
| # echo $SSH_CLIENT
| 123.45.67.89 34402 22
|
| Is that an intended change in behavior (security related)? I didn't
| find a changelog entry, neither documentation.

Can you confirm your shell initialization isn't clearing this
environment variable ?


Defaults everywhere, as on the machine(s) running earlier releases.

Bernd


Paul 'WEiRD' de Weerd

--

[++-]+++.+++[---].+++[+

+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type 
application/pgp-signature]




Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Otto Moerbeek
On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote:

 On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
 
  Hi,
  
  I've got to port some shell scripts which rely on env vars. One
  amongst those is $SSH_CLIENT.
  
  On OpenBSD 5.1 machines, I don't get what I'd assume to get:
  
  # echo $SSH_CLIENT
  
  It returns just a blank line.
  
  I re-tested this on an older development machine, running OpenBSD 4.6:
  
  # echo $SSH_CLIENT
  123.45.67.89 34402 22
  
  Is that an intended change in behavior (security related)? I didn't
  find a changelog entry, neither documentation.
  
  Thanks,
  
  Bernd
 
 SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
 https://bugzilla.mindrot.org/show_bug.cgi?id=384

Ehh, replace is not the right word. It's still there.

 
 CVSROOT:/cvs
 Module name:src
 Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36
 
 Modified files:
 usr.bin/ssh: session.c ssh.1
 
 Log message:
 add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
 
   -Otto



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Bernd

Am 2012-10-11 10:38, schrieb Bernd:

Hi,

I've got to port some shell scripts which rely on env vars. One
amongst those is $SSH_CLIENT.

On OpenBSD 5.1 machines, I don't get what I'd assume to get:

# echo $SSH_CLIENT

It returns just a blank line.


Logged in as normal user, became root via 'su -'. That triggers 
mentioned behavior, just using 'su' keeps it behaving as expected.


Thanks,

Bernd

I re-tested this on an older development machine, running OpenBSD 
4.6:


# echo $SSH_CLIENT
123.45.67.89 34402 22

Is that an intended change in behavior (security related)? I didn't
find a changelog entry, neither documentation.

Thanks,

Bernd




Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Bernd

Am 2012-10-11 11:01, schrieb Otto Moerbeek:

On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote:


On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:

 Hi,

 I've got to port some shell scripts which rely on env vars. One
 amongst those is $SSH_CLIENT.

 On OpenBSD 5.1 machines, I don't get what I'd assume to get:

 # echo $SSH_CLIENT

 It returns just a blank line.

 I re-tested this on an older development machine, running OpenBSD 
4.6:


 # echo $SSH_CLIENT
 123.45.67.89 34402 22

 Is that an intended change in behavior (security related)? I 
didn't

 find a changelog entry, neither documentation.

 Thanks,

 Bernd

SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
https://bugzilla.mindrot.org/show_bug.cgi?id=384


Ehh, replace is not the right word. It's still there.


Thanks for that hint, but still:

# echo $SSH_CONNECTION

# echo $SSH_CLIENT

#

On the older machines, interesingly (and 'of course'), both return 
sensible data.


Bernd


CVSROOT:/cvs
Module name:src
Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36

Modified files:
usr.bin/ssh: session.c ssh.1

Log message:
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@

-Otto




Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Peter Hessler
On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote:
:Am 2012-10-11 10:38, schrieb Bernd:
:Hi,
:
:I've got to port some shell scripts which rely on env vars. One
:amongst those is $SSH_CLIENT.
:
:On OpenBSD 5.1 machines, I don't get what I'd assume to get:
:
:# echo $SSH_CLIENT
:
:It returns just a blank line.
:
:Logged in as normal user, became root via 'su -'. That triggers
:mentioned behavior, just using 'su' keeps it behaving as expected.
:

$ man su
...
 -   Same as the -l option (deprecated).
...
 -l  Simulate a full login.  The environment is discarded except for
 HOME, SHELL, PATH, TERM, LOGNAME, and USER.  HOME and SHELL are
 modified as above.  LOGNAME and USER are set to the target login.
 PATH is set to the value specified by the ``path'' entry in
 login.conf(5).  TERM is imported from your current environment.
 The invoked shell is the target login's, and su will change
 directory to the target login's home directory.


-- 
Distress, n.:
A disease incurred by exposure to the prosperity of a friend.
-- Ambrose Bierce, The Devil's Dictionary



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Bernd

Am 2012-10-11 11:29, schrieb Peter Hessler:

On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote:
:Am 2012-10-11 10:38, schrieb Bernd:
:Hi,
:
:I've got to port some shell scripts which rely on env vars. One
:amongst those is $SSH_CLIENT.
:
:On OpenBSD 5.1 machines, I don't get what I'd assume to get:
:
:# echo $SSH_CLIENT
:
:It returns just a blank line.
:
:Logged in as normal user, became root via 'su -'. That triggers
:mentioned behavior, just using 'su' keeps it behaving as expected.
:

$ man su
...
 -   Same as the -l option (deprecated).
...
 -l  Simulate a full login.  The environment is discarded 
except for
 HOME, SHELL, PATH, TERM, LOGNAME, and USER.  HOME and 
SHELL are

 modified as above.  LOGNAME and USER are set to the
target login.
 PATH is set to the value specified by the ``path'' entry 
in
 login.conf(5).  TERM is imported from your current 
environment.
 The invoked shell is the target login's, and su will 
change

 directory to the target login's home directory.


Known for decades, sure. Still wonder what changed. Machines are pretty 
extremely default setups.


Bernd



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread Jan Stary
On Oct 11 10:38:04, be...@kroenchenstadt.de wrote:
 Hi,
 
 I've got to port some shell scripts which rely on env vars. One
 amongst those is $SSH_CLIENT.
 
 On OpenBSD 5.1 machines, I don't get what I'd assume to get:
 
 # echo $SSH_CLIENT
 
 It returns just a blank line.

Are you in fact ssh-connected to the machine you are running this on?
That is, are you running this in the sshd-spawned shell?



Re: SSH_CLIENT in recent OpenBSD releases

2012-10-11 Thread John Long
Missed the earlier part of this thread but...

If you su - to another userid the environment variable appears to get
unset. To the OP have you su'd or are do trying this immediately on login. I
am running 5.1-stable and current and $SSH_CLIENT is valid on both boxes.


On Thu, Oct 11, 2012 at 05:02:39PM +0200, Jan Stary wrote:
 On Oct 11 10:38:04, be...@kroenchenstadt.de wrote:
  Hi,
  
  I've got to port some shell scripts which rely on env vars. One
  amongst those is $SSH_CLIENT.
  
  On OpenBSD 5.1 machines, I don't get what I'd assume to get:
  
  # echo $SSH_CLIENT
  
  It returns just a blank line.
 
 Are you in fact ssh-connected to the machine you are running this on?
 That is, are you running this in the sshd-spawned shell?
 

-- 
ASCII ribbon campaign ( ) Powered by Lemote Fuloong
 against HTML e-mail   X  Loongson MIPS and OpenBSD
   and proprietary/ \http://www.mutt.org
 attachmentsCode Blue or Go Home!